Deployment descriptor

The User model for this use case is straightforward, and JPA offers us some tools to make it even simpler. If you have already read through the 2FA tutorial, this one probably looks very similar. We need to make sure that our User model contains a phone number and a country code so that the user can be verified with Authy.

User model definition and JPA mappings

When we create a new user, we ask for a name, e-mail address, and a password. In order to validate a new account we also ask the user for a mobile number with a country code. We will use Authy to send a one-time password via SMS to this phone number.

It is now the servlet's responsibility to verify that the user provides the necessary information to create a new user. If the user is created successfully, they will be logged into the system automatically.

In .environment we list configuration parameters for the application. These are pulled from system environment variables, which is a helpful way to access sensitive values (like API keys). This prevents us from accidentally checking them into source control. We use the System.getenv method to load the key and inject the AuthyApiClient into the RegistrationServlet class.

Now we need our Authy production key (sign up for Authy here). When you create an Authy application the production key is found on the dashboard.

The Authy client provides us with a verify() method that allows us to pass a user id and a token. In this case we just need to check that the API request was successful and, if so, set the User's verified field to true.
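The following sketch is an added example, not code from this tutorial or from the Authy library. It shows the two points above together: loading the key from the environment with a hard failure when it is missing, and setting `verified` only after an explicit success. `TokenVerifier`, `User`, `requireEnv`, the `AUTHY_API_KEY` variable name and the 4 to 10 digit token shape are assumptions made for illustration; `TokenVerifier` stands in for the Authy client's `verify()` call so the example runs without the library.

```java
public class VerifyExample {
    /** Hypothetical stand-in for the Authy client's verify() call. */
    interface TokenVerifier {
        boolean verify(int authyId, String token) throws Exception;
    }

    static class User {
        final int authyId;
        boolean verified; // defaults to false
        User(int authyId) { this.authyId = authyId; }
    }

    /** Read a secret from the environment; refuse to start without it. */
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException(name + " is not set");
        }
        return value;
    }

    /** Fail closed: verified is set only after an explicit success. */
    static boolean verifyUser(User user, String token, TokenVerifier verifier) {
        // Assumed token shape: 4 to 10 digits. Reject anything else locally.
        if (token == null || !token.matches("\\d{4,10}")) {
            return false;
        }
        try {
            if (!verifier.verify(user.authyId, token)) {
                return false;
            }
        } catch (Exception e) {
            return false; // API or network error: stay unverified
        }
        user.verified = true;
        return true;
    }

    public static void main(String[] args) {
        // Constructed verifier that accepts only the sample code "1234567".
        TokenVerifier fake = (id, token) -> token.equals("1234567");
        User user = new User(42); // constructed sample id
        System.out.println(verifyUser(user, "12ab", fake));
        System.out.println(verifyUser(user, "0000000", fake));
        System.out.println(verifyUser(user, "1234567", fake) + " " + user.verified);
        // In the servlet: String key = requireEnv("AUTHY_API_KEY"); // assumed name
    }
}
```

The malformed and wrong codes leave the account unverified, and an exception from the verifier is treated the same as a rejection rather than as a success.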